Containment

In the Incident Response Process, containment is the step in which the identified threat is brought under control so that it can do no further damage to systems and the organization, while the incident data collected so far is kept intact. The primary goal of containment is to limit the scope of the attack and prevent further compromise.

Short-term and Long-term Containment

There are two main types of containment measures, applied according to the nature of the incident: short-term and long-term containment.

Short-term Containment

These measures stop the immediate threat: disconnecting affected systems from the network, blocking the attacker's IP addresses, or temporarily disabling the vulnerable service. Such actions can destroy valuable incident data (powering off a host, for example, loses its memory contents and the list of active network connections), so they must be balanced against preserving the evidence the investigation will need.

Long-term Containment

Long-term containment focuses on more sustainable measures that keep the business running while the root cause of the incident is addressed: applying security patches, tightening firewall rules, and enforcing access controls. These actions are taken to prevent recurrence and overlap with the eradication and recovery phases, so they must be planned together with recovery to ensure a comprehensive Incident Response Process.

Key Steps in Containment

The following are some key steps that you should follow during the containment phase:

  • Isolate - Segregate the affected systems from the rest of the network to stop the spread of the threat.
  • Preserve Evidence - Securely capture relevant logs and volatile data before taking any disruptive action, and hash the copies so they can be trusted in later analysis and investigation.
  • Implement Temporary Measures - Take immediate actions to block the attacker and secure the environment while minimizing disruption.
  • Update Containment Strategy - Integrate lessons learned from previous incidents and external resources to continuously improve your containment process.
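The evidence-before-disruption ordering described under short-term containment, together with the Isolate, Preserve Evidence and Implement Temporary Measures steps above, as an added example that is not part of the roadmap.sh page: a small Python playbook that first copies and hashes the affected host's logs into an evidence directory with a manifest, then generates nftables drop rules for the attacker indicators and an isolation ruleset that leaves only the responders' network reachable. The host name, log lines, attacker address 203.0.113.45, incident ID and the 10.20.0.0/16 responder network are assumptions constructed for the example; the rules are returned as text rather than applied, so the script runs without root.

```python
"""Evidence-first short-term containment (added example, not roadmap.sh code).

The order of operations is the point: snapshot and hash the evidence on the
affected host BEFORE blocking the attacker or isolating the host, so the
containment action cannot destroy what the investigation needs. Host name,
paths, log lines, IP addresses and the responder network are constructed.
"""
import hashlib
import ipaddress
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

# Constructed sample logs as they might sit in /var/log on a compromised host.
SAMPLE_LOGS = {
    "auth.log": (
        "Mar 10 02:14:07 web01 sshd[2211]: Accepted password for deploy "
        "from 203.0.113.45 port 51122 ssh2\n"
        "Mar 10 02:14:09 web01 sudo: deploy : TTY=pts/0 ; COMMAND=/bin/bash\n"
    ),
    "access.log": (
        '203.0.113.45 - - [10/Mar/2024:02:15:01 +0000] '
        '"GET /uploads/shell.php?cmd=id HTTP/1.1" 200 48\n'
    ),
}

# Assumed responder / jump-host range that containment must never cut off.
PROTECTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    with open(path, "rb") as f:
        return sha256_bytes(f.read())


def preserve_evidence(source_dir, evidence_dir, incident_id):
    """Copy every regular file in source_dir to evidence_dir and return a
    manifest with one SHA-256 per file. Re-hashing the copies later proves
    they were not altered after collection (chain of custody)."""
    os.makedirs(evidence_dir, exist_ok=True)
    manifest = {"incident_id": incident_id,
                "collected_at": datetime.now(timezone.utc).isoformat(),
                "files": {}}
    for name in sorted(os.listdir(source_dir)):
        src, dst = os.path.join(source_dir, name), os.path.join(evidence_dir, name)
        if not os.path.isfile(src):
            continue
        shutil.copy2(src, dst)  # copy2 keeps mtime, which the timeline needs
        digest = sha256_file(dst)
        if digest != sha256_file(src):
            raise RuntimeError(f"copy of {name} does not match its source")
        manifest["files"][name] = {"sha256": digest, "size": os.path.getsize(dst)}
    with open(os.path.join(evidence_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def block_rules(indicators):
    """Turn attacker IPs into nftables drop rules. Returns (rules, rejected):
    garbage and protected responder addresses are reported, not blocked, so
    a typo in an indicator list cannot lock the responders out."""
    rules, rejected = [], {}
    for ip in indicators:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            rejected[ip] = "invalid address"
            continue
        if addr.is_loopback or any(addr in net for net in PROTECTED_NETS):
            rejected[ip] = "protected network"
            continue
        rules.append(f"nft add rule inet filter input ip saddr {addr} drop")
    return rules, rejected


def isolation_ruleset(responder_net):
    """nftables ruleset that cuts the host off from everything except the
    responders' network, so live forensics can continue after isolation."""
    net = ipaddress.ip_network(responder_net)
    return [
        "flush ruleset",
        "table inet isolate {",
        "  chain input { type filter hook input priority 0; policy drop;",
        "    iif lo accept",
        f"    ip saddr {net} accept",
        "  }",
        "  chain output { type filter hook output priority 0; policy drop;",
        "    oif lo accept",
        f"    ip daddr {net} accept",
        "  }",
        "}",
    ]


def demo():
    """Run the playbook against the constructed logs in a temporary directory."""
    work = tempfile.mkdtemp(prefix="ir-")
    src = os.path.join(work, "var_log")
    os.makedirs(src)
    for name, body in SAMPLE_LOGS.items():
        with open(os.path.join(src, name), "wb") as f:
            f.write(body.encode())
    # 1. preserve, 2. block the attacker, 3. isolate the host: in that order.
    manifest = preserve_evidence(src, os.path.join(work, "evidence"), "IR-2024-0042")
    rules, rejected = block_rules(["203.0.113.45", "10.20.1.5", "not-an-ip"])
    ruleset = isolation_ruleset("10.20.0.0/16")
    shutil.rmtree(work)
    return {"manifest": manifest, "rules": rules, "rejected": rejected, "ruleset": ruleset}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script prints the manifest and the generated rules; in a real response the evidence directory would be written to removable or remote storage and the manifest signed or hashed again at hand-over, and the isolation ruleset applied with `nft -f` only after the manifest exists.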

By properly executing the containment phase of the Incident Response Process, you will be well-prepared to eradicate the root cause of the cyber security threat and recover your affected systems with minimal damage to your organization.

roadmap.sh by Kamran Ahmed